Connection unsuccessful


#1

From the Management menu, click Connections.

In the Source Address field, enter your Data Source IP address

In the Data Source IP address field, do I have to put my LAN IP address? I put that in, and then when I click on Connect I get
connection unsuccessful.


Connection failed for 'AzureDNIG-REPO'. Please check your connection


#2

Hi @suhans_dev,

Two things:

  • Firstly, is this the same IP address that is mentioned in the docker-compose.yml file? The IP address needs to be the same in both places (within the docker-compose.yml file and the Datastore address).

  • Secondly, if the IP address is the same in the YML file, could you please check if the DNIF instance is running? If “No”, then please make sure you traverse to the directory where docker-compose.yml is and execute the command sudo docker-compose up


#3

Hi @Shea.Dominic

Thanks for the reply.

The IP address in both places (within the docker-compose.yml file and the Datastore address) is the same.
Even then, the connection is unsuccessful.
The DNIF instance is also running. Check the screenshot.


#4

Hi @suhans_dev,

Did you click on the “red” link icon? Did an error crop up?


#5

Hi @suhans_dev, were you able to connect successfully? Feel free to ping back in case this didn’t work.


#6

Hi @Shea.Dominic,

I am also facing the same issue of connection unsuccessful after clicking on red link icon.

DNIF server is running and IP address at docker-compose.yml and Datastore address are same.


#7

Hi @mahesh,

Could you please execute and share the output of the command: docker-compose logs once you have the DNIF instance running?


#8


Hi @Siddhant,
Thanks for the reply.

I have uploaded an image of the logs.

Also, the supervisorctl command shows the below two services in stopped state initially. If I start them manually, the services move into the EXITED state as follows:

httplistener EXITED Feb 08 11:39 AM
httpslistener EXITED Feb 08 11:39 AM


#9

Hi @mahesh,

Thanks for the screenshots, could you please let me know if the following steps work:

Check the UNET connectivity on datastore server using following command:
wget https://api2.netmonastery.com/hello

If UNET server is not accessible from datastore, it will show the error: “unable to establish SSL connection”

Recommended action:

Check and allow ACL on the firewall if required.

Resolution:

  1. Log into A10 server and access Docker container using ssh.

  2. After allowing the UNET connectivity, check the UNET connectivity on datastore
    server using the following command:
    wget https://api2.netmonastery.com/hello

  3. After establishing connectivity with UNET, restart the din, ingestor services on the
    Datastore/A10 using following command:

    $ supervisorctl
    >restart din ingestor
    >exit

  4. Try logging into the console.
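
The connectivity check in the post above, split into stages so that a firewall ACL block can be told apart from a TLS failure. This is an added example, not part of the thread or of DNIF's tooling; the function name `probe_https` and the stage labels are assumptions made for the example.

```python
import socket
import ssl

def probe_https(host, port=443, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    # Stage 1: name resolution. A failure here is a resolver problem, not an ACL.
    try:
        family, _, _, _, sockaddr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return "dns", str(exc)

    # Stage 2: TCP connect. Refused or timed out usually means the outbound
    # rule for this destination and port is missing on the firewall.
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError as exc:
        sock.close()
        return "tcp", str(exc) or type(exc).__name__

    # Stage 3: TLS handshake with normal certificate and hostname checks.
    # wget reports a failure at this stage as "Unable to establish SSL
    # connection"; with TCP open it points at a proxy, TLS inspection or a
    # certificate problem rather than a plain port block.
    context = ssl.create_default_context()
    try:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return "tls", str(exc) or type(exc).__name__

if __name__ == "__main__":
    # Host taken from the wget command in the post above.
    print(probe_https("api2.netmonastery.com"))
```

Run it from the datastore host before and after the ACL change; only an `ok` result means the restart of din and ingestor is worth attempting.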

#10

Hi @Siddhant,

Thanks for the reply.

The connection is successful. I am trying to forward the logs of a CentOS system. I have installed rsyslog and updated the IP address of the DNIF server in the rsyslog.conf file.
I also added the Linux repository from the DNIF repo and synced it with my repo.

However, I can see the below error message in CentralLogCollection.log

_ERROR er_collect location: app.py:1799 Fetch message: S39W9C - Unable to get Parser <>

datastoreapi.log file shows below error

2019-02-13 18:24:41,169 ERROR WebAPI: trace CJCJ7X - Erro while executing query TransportError(400, u’SearchPhaseExecutionException[Failed to execute phase [query_fetch], all shards failed; shardFailures {[dbY5FdZ_TCKX65T4Yn-HyQ][dsdb-20190213][0]: SearchParseException[[dsdb-20190213][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{“sort”: [{“CNAMTime”: {“order”: “desc”}}], “query”: {“bool”: {“should”: [], “must_not”: [], “must”: [{“range”: {“CNAMTime”: {“gte”: “2019-02-12T12:54:32”, “lte”: “2019-02-13T12:54:32”}}}, {“term”: {“ScopeID”: “AWjmMVNIM4U-pGX7V_sW”}}]}}, “from”: 0, “size”: 100}]]]; nested: SearchParseException[[dsdb-20190213][0]: from[-1],size[-1]: Parse Failure [No mapping found for [CNAMTime] in order to sort on]]; }]’)
2019-02-13 18:24:41,171 ERROR WebAPI: trace Report UnknownError in _fetch
2019-02-13 18:24:41,171 ERROR WebAPI: trace Report UnknownError in _fetch

Can you please help me resolve this issue ?


#11

Hi Mahesh,

Good to hear that the connection was established successfully. However, for the parser, make sure whenever you add a device you select the appropriate log type from the device list as well: Adding devices in DNIF

Let me know if this works…


#12

Hi @Siddhant,

Getting the same error as above.

CentralLogCollection.log shows below error message

_2019-02-28 16:05:53,636 ERROR er_collect location: iliCRSch.py:2 WebCRAPI message: invalid query - fetch * from event where $LogName=NIX AND $SubSystem=ADMINISTRATION AND $Action=LOGIN_SESION_DISCON AND $Status=PASSED AND $Duration=15m group count_unique $DevSrcIP limit 100
_>>checkif int_compare count_unique >= 1 include
_>>raise module linux login_session_disconnected_module $DevSrcIP 5 notify_group default default admin

datastoreapi.log shows below message

2019-02-28 16:06:12,080 ERROR WebAPI: trace CJCJ7X - Erro while executing query TransportError(400, u’SearchPhaseExecutionException[Failed to execute phase [query_fetch], all shards failed; shardFailures {[8_Teh_K6S3WPJqkZHMQIqQ][dsdb-20190227][0]: SearchParseException[[dsdb-20190227][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{“sort”: [{“CNAMTime”: {“order”: “desc”}}], “query”: {“bool”: {“should”: [], “must_not”: [], “must”: [{“range”: {“CNAMTime”: {“gte”: “2019-02-27T10:27:06”, “lte”: “2019-02-28T10:27:06”}}}, {“term”: {“ScopeID”: “AWkpaieMM4U-pGX7FQAa”}}]}}, “from”: 0, “size”: 100}]]]; nested: SearchParseException[[dsdb-20190227][0]: from[-1],size[-1]: Parse Failure [No mapping found for [CNAMTime] in order to sort on]]; }]’)

I have added the Linux parser and added log forwarding devices as well.

Please let me know if there is anything missing from my end
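
An added example, not from the thread or from DNIF: a small Python parser that pulls the failing index, shard and unmapped sort field out of datastoreapi.log TransportError lines like the ones posted in #10 and #12. The sample lines are constructed in that shape (node ids are placeholders, the embedded query JSON is left out), and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the datastoreapi.log lines quoted above.
_TMPL = ("{ts} ERROR WebAPI: trace CJCJ7X - Erro while executing query "
         "TransportError(400, u'SearchPhaseExecutionException[Failed to execute "
         "phase [query_fetch], all shards failed; shardFailures "
         "{{[{node}][{idx}][0]: SearchParseException[[{idx}][0]: from[-1],size[-1]: "
         "Parse Failure [No mapping found for [CNAMTime] in order to sort on]]; }}]')")
SAMPLE_LOG = "\n".join([
    _TMPL.format(ts="2019-02-13 18:24:41,169", node="node-a", idx="dsdb-20190213"),
    "2019-02-13 18:24:41,171 ERROR WebAPI: trace Report UnknownError in _fetch",
    _TMPL.format(ts="2019-02-28 16:06:12,080", node="node-b", idx="dsdb-20190227"),
])

LINE_RE = re.compile(r"^(\S+ \S+),\d+ ERROR WebAPI: .*TransportError\((\d+),")
# Shard header "[node][index][shard]:" that opens each entry in shardFailures.
SHARD_RE = re.compile(r"\[([^\[\]]+)\]\[([^\[\]]+)\]\[(\d+)\]:")
FIELD_RE = re.compile(r"No mapping found for \[([^\[\]]+)\] in order to sort on")

def parse_failures(log_text):
    """Return one record per failed shard found in TransportError lines."""
    records = []
    for line in log_text.splitlines():
        head = LINE_RE.match(line)
        if not head:
            continue  # e.g. the follow-on "UnknownError in _fetch" lines
        shards = list(SHARD_RE.finditer(line))
        for i, shard in enumerate(shards):
            # Look for the reason only inside this shard's part of the line.
            end = shards[i + 1].start() if i + 1 < len(shards) else len(line)
            field = FIELD_RE.search(line, shard.end(), end)
            records.append({"time": head.group(1), "status": int(head.group(2)),
                            "node": shard.group(1), "index": shard.group(2),
                            "shard": int(shard.group(3)),
                            "unmapped_field": field.group(1) if field else None})
    return records

def unmapped_by_index(records):
    """Map each index to the set of sort fields it has no mapping for."""
    out = defaultdict(set)
    for rec in records:
        if rec["unmapped_field"]:
            out[rec["index"]].add(rec["unmapped_field"])
    return dict(out)

if __name__ == "__main__":
    print(unmapped_by_index(parse_failures(SAMPLE_LOG)))
```

Elasticsearch returns this error when the index being searched has no mapping for the field it is asked to sort on, so the per-index summary shows which daily dsdb indices to inspect.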


#13

Hi @mahesh,

Could you please cross check if the Log Name is NIX and Log Type is OS for the added device?

Post on the same issue can be found here: Unable to add logtype


#14

Hi @Shea.Dominic,

Thanks for the reply.

This has been already done while adding the devices.

Log Name : NIX and Log Type : OS

Still facing the same issue.


#15

Hi @mahesh,

Could you try a simple _fetch query to retrieve latest events with $LogName=NIX - this will help us identify whether the log data is being parsed properly or if there is a problem with the query itself.

Could you please execute the following query and check if the value for the field $PStatus is PAD?

_fetch * from event where $LogName=NIX and $Duration=24h limit 100

#16

@mahesh - Did it work?


#17

Hi @mahesh,

How did you get the connection to succeed? I hope you can share the resolution steps. I also experienced the same problem as you when installing A10 in my own cloud as well as in an AWS instance.